From: Dr. Stephen Henson Date: Sun, 27 Dec 2009 23:03:40 +0000 (+0000) Subject: Update RI to match latest spec. X-Git-Tag: OpenSSL_0_9_8m-beta1~22 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=5f409487146a78c4e5619dcb2587a1d9c824f875;p=oweals%2Fopenssl.git Update RI to match latest spec. MCSV is now called SCSV. Don't send SCSV if renegotiating. Also note if RI is empty in debug messages. --- diff --git a/ssl/ssl3.h b/ssl/ssl3.h index 7ad803833d..b5f61f0217 100644 --- a/ssl/ssl3.h +++ b/ssl/ssl3.h @@ -130,8 +130,8 @@ extern "C" { #endif /* Magic Cipher Suite Value. NB: bogus value used for testing */ -#ifndef SSL3_CK_MCSV -#define SSL3_CK_MCSV 0x03000FEC +#ifndef SSL3_CK_SCSV +#define SSL3_CK_SCSV 0x03000FEC #endif #define SSL3_CK_RSA_NULL_MD5 0x03000001 diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 31f76abd1a..f2999ead7f 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -1300,18 +1300,18 @@ int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p, p+=j; } /* If p == q, no ciphers and caller indicates an error, otherwise - * add MCSV + * add SCSV */ if (p != q) { - static SSL_CIPHER msvc = + static SSL_CIPHER scsv = { - 0, NULL, SSL3_CK_MCSV, 0, 0, 0, 0, 0, 0, 0, + 0, NULL, SSL3_CK_SCSV, 0, 0, 0, 0, 0, 0, 0, }; - j = put_cb ? put_cb(&msvc,p) : ssl_put_cipher_by_char(s,&msvc,p); + j = put_cb ? put_cb(&scsv,p) : ssl_put_cipher_by_char(s,&scsv,p); p+=j; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "MCSV sent by client\n"); + fprintf(stderr, "SCSV sent by client\n"); #endif } @@ -1343,15 +1343,15 @@ STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, for (i=0; is3 && (n != 3 || !p[0]) && - (p[n-2] == ((SSL3_CK_MCSV >> 8) & 0xff)) && - (p[n-1] == (SSL3_CK_MCSV & 0xff))) + (p[n-2] == ((SSL3_CK_SCSV >> 8) & 0xff)) && + (p[n-1] == (SSL3_CK_SCSV & 0xff))) { s->s3->send_connection_binding = 1; p += n; #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "MCSV received by server\n"); + fprintf(stderr, "SCSV received by server\n"); #endif continue; } diff --git a/ssl/t1_reneg.c b/ssl/t1_reneg.c index 07fd5cb570..9c2cc3c712 100644 --- a/ssl/t1_reneg.c +++ b/ssl/t1_reneg.c @@ -131,7 +131,8 @@ int ssl_add_clienthello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_client_finished, s->s3->previous_client_finished_len); #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension sent by client\n"); + fprintf(stderr, "%s RI extension sent by client\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); #endif } @@ -182,7 +183,8 @@ int ssl_parse_clienthello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension received by server\n"); + fprintf(stderr, "%s RI extension received by server\n", + ilen ? "Non-empty" : "Empty"); #endif s->s3->send_connection_binding=1; @@ -214,7 +216,8 @@ int ssl_add_serverhello_renegotiate_ext(SSL *s, unsigned char *p, int *len, memcpy(p, s->s3->previous_server_finished, s->s3->previous_server_finished_len); #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension sent by server\n"); + fprintf(stderr, "%s RI extension sent by server\n", + s->s3->previous_client_finished_len ? "Non-empty" : "Empty"); #endif } @@ -280,7 +283,8 @@ int ssl_parse_serverhello_renegotiate_ext(SSL *s, unsigned char *d, int len, return 0; } #ifdef OPENSSL_RI_DEBUG - fprintf(stderr, "RI extension received by client\n"); + fprintf(stderr, "%s RI extension received by client\n", + ilen ? "Non-empty" : "Empty"); #endif s->s3->send_connection_binding=1;